REPORT SUSPICIOUS ACTIVITY

Suspicious Behaviors and Activities That Should Be Reported Include

ELICITING INFORMATION

Questioning individuals at a level beyond mere curiosity about particular facets of a facility’s or building’s purpose, operations, security procedures, etc., that would arouse suspicion in a reasonable person.

TESTING OF SECURITY

Interactions with or challenges to installations, personnel, or systems that reveal physical personnel or cybersecurity capabilities.

Taking pictures or video of facilities, buildings, or infrastructure in a manner that would arouse suspicion in a reasonable person. Examples include taking pictures or video of infrequently used access points, personnel performing security functions (patrols, badge/vehicle checking), security-related equipment (perimeter fencing, security cameras), etc. All reporting on photography should be done within the totality of the circumstances.

OBSERVATION / SURVEILLANCE

Demonstrating unusual interest in facilities, buildings, or infrastructure beyond mere casual or professional (e.g., engineers) interest such that a reasonable person would consider the activity suspicious. Examples include observation through binoculars, taking notes, attempting to measure distances, etc.

MATERIALS ACQUISITION / STORAGE

Acquisition of unusual quantities of precursor materials, such as cell phones, pagers, fuel, and timers, such that a reasonable person would suspect possible criminal activity.

AQUISITION OF EXPERTISE

Attempts to obtain or conduct training in security concepts (military weapons or tactics) or other unusual capabilities that would arouse suspicion in a reasonable person.

WEAPONS DISCOVERY

Discovery of unusual amounts of weapons or explosives that would arouse suspicion in a reasonable person.

Stealing or diverting something associated with a facility/infrastructure (e.g., badges, uniforms, identification, emergency vehicles, technology, or documents [classified or unclassified] that are proprietary to the facility).

SABOTAGE / TAMPERING / VANDALISM

Damaging, manipulating, or defacing part of a facility/infrastructure or protected site.

CYBERATTACK

Compromising or attempting to compromise or disrupt an organization’s information technology infrastructure.